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declarant, the undersigned, is not an inventor, owner or other individual as state in 131. 
Thus, the declaration must be filed under the more general 132. 

FREUND'S NON-PROVISIONAL APPLICATION FAILS 
TO TEACH OR SUGGEST THE CLAIMED INVENTION 

In response, the Office has maintained the rejection, asserting that Freund's disclosure 
may fully rely on the provisional application 60/308498 (from which Freund claims priority). 
Thus, the outstanding Office Action now requires Applicant to point out and describe the 
portions of the rejection that are not supported. 

Thus, Applicant traverses the rejection specifically because Freund (in either the 
provisional or non-provisional application) fails to each or suggest determining the current 
location of a firewall based on an IP address. The Office Action asserted that this claimed 
feature is taught by Freund at paragraphs [0073], [0074], [0080] and [0095]. 

[00731 

However, paragraph [0073] merely states that Freund's invention includes a system 
providing methodologies for detecting and distinguishing between different networks to 
which a mobile computer or device is connected from time to time and that the ability to 
detect and distinguish between networks enables different security settings to be applied by 
the user (or by an established security policy) depending on which network the device is 
connected to at that time. Freund also teaches that these security settings are then 
automatically applied to reconfigure the device's firewall. 

However, paragraph [0073] fail to teach or suggest how detecting and distinguishing 
between different networks is implemented. More particularly, Freund fails to teach or 
suggest whether detecting and distinguishing is implemented based on an IP address. 

Furthermore, there is no disclosure which corresponds to paragraph [0073] in the 
provisional Freund application. 

r00741 

Similarly, paragraph [0074] merely teaches that profiles of networks that have been 
previously detected are stored to enable identification of that same network in the future and 
to save the security settings previously used for that network. Freund further teaches that, as 
new networks are identified, the user has the opportunity to choose what level of access he or 
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she wants to permit on each network, which enables the user to reconfigure the personal 
firewall on his or her computer (or, in other words to apply different security settings) for 
each different network to which he or she is connected from time to time. Alternatively, 
[0074] discloses that rules can be established in advance by the user or an administrator, e.g., 
a user may elect to exclude all new networks from the trusted zone. 

Thus, paragraph [0074] also fails to teach, suggest or disclose determining the current 
location of a personal firewall based on an Internet Protcol (IP) address currently used by a 
client computer. To the contrary, paragraph [0074] actually teaches identification by the 
network using a network profile. 

Furthermore, there is no disclosure which corresponds to paragraph [0074] in the 
provisional Freund application. The provisional Freund application mentions the term 
"network profile" in only two points: 

• Page 11, lines 15-18: "The network profile is the collection of data properties 
necessary to distinguish one network from another when appropriate, and to 
recognize as identical a previously profiled network. This information must be 
persistable and recreatable so that an existing network profile can be compared with 
the network profile of a newly encountered network". 

• Page 13, lines 23-26: "In the best mode embodiment, the Network profile is 
implemented as a character string, composed by concatenating the textual 
representation of the relevant data items as determined by the connection method. 
Depending on the connection method, the identity string is built using different 
rules". 

Thus paragraph [0074] of Freund, when "supported by" the contents of the 
provisional Freund still fails to teach, suggest or disclose determining the current location of 
said personal firewall based on an Internet Protocol (IP) address currently used by said client 
computer. 

100801 

Paragraph [0080] of Freund discloses that a firewall API 335 is used to enable 
dynamic configuration of firewall 350, which includes a means to configure IP address 
groups used to specify trusted zones and other zones. Paragraph [0080] also teaches that 
using the firewall API 335, a computer or device (or a group of computers and devices) can 
be added to a trusted zone maintained by firewall 350 without having to change the security 
settings applicable to that trusted zone. 
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However, nothing in paragraph [0080] of Freund teaches or suggests determining the 
current location of a personal firewall based on an Internet Protocol (IP) address currently 
used by said client computer. Rather, paragraph [0080] merely describes means to configure 
security settings of a firewall, which is a measure performed after recognizing the network. 

Furthermore, no disclosure which apparently corresponds to paragraph [0080] is in 
the provisional Freund application. 

roo9si 

Paragraph [0095] merely describes the operation illustrated in FIG. 4, which is a flow 
chart illustrating detailed method steps of the operations of the network detection and firewall 
reconfiguration system of the present invention. As explained in [0095], initially, the system 
starts with no knowledge of any connected networks or adaptors. At step 401, the engine 
constructs an initial list of adapters and networks to which these adapters are connected by 
obtaining information through the OS network information API. When a mobile computer or 
device (on which the system is installed) is connected to a different network, the engine, at 
step 402, uses the OS network information API and the associated operating system kernel 
facility to discover that an adapter has been added or removed or an adapter's network 
configuration has changed. 

However, paragraph [0095] fails to teach, suggest or disclose determining the current 
location of said personal firewall based on an Internet Protocol (IP) address currently used by 
said client computer. Instead, paragraph [0095] merely describes the use of a list of adapters 
and networks to which these adapters are connected, the list being obtained by means to 
configure the operations system (OS) network information API of a firewall. 

Furthermore, no disclosure apparently corresponding to paragraph [0080] is provided 
in the provisional Freund application. 

FREUND NON-PROVISIONAL APPLICATION AS A WHOLE 

As explained previously, Freund merely discloses a mobile computing device 
comprising a personal firewall as a security measure. The mobile device profiles the network 
it is connected to by collecting a number of items of information about the network in order 
to uniquely identify that specific network. 
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Thus, even the referenced paragraphs, taken in the context of the Freund non- 
provisional application as a whole, fail to teach, suggest or disclose determining the current 
location of said personal firewall based on an Internet Protocol (IP) address currently used by 
said client computer. 

FREUND' S PROVISIONAL APPLICATION FAILS TO 
DISCLOSE CONTENT 

As explained above, the content of the non-provisional Freund application paragraphs 
[0073], [0074], [0080] and [0095] are not provided by the Freund provisional application. 
Thus, the Freund provisional application cannot be used as a basis for asserting that the 
disclosure of Freund's non-provisional application antedates Applicant's invention. 

Furthermore, definitions used in the referred paragraphs of Freund's non-provisional 
application, are explained in the provisional application 60/308498 in a manner which 
confirms that the present invention as claimed in clearly distinguished from Freund. 

Moreover, Freund's non-provisional application explicitly teaches that mobile 
machines connecting to various different addresses cannot rely solely on IP addresses to 
identify a network (see paragraph [0030]). This is also explicitly manifested in the Freund 
provisional application, page 6, lines 4-6, which teaches away from the present invention by 
stating: "The popularity of NAT technology - and the fact that they are preconfigured with 
the same address ranges - makes it impossible for the firewall to distinguish the networks 
from each other by IP address/ subnet masks". 

Thus, the teachings of Freund's non-provisional application, when further reviewed in 
view of the provisional application, actually teaches away from determining the current 
location of a personal firewall based on internet protocol (IP) address currently used by the 
client computer. Moreover, there would have been no motivation for a person of an ordinary 
skill in the art to act against the specific teaching of Freund (provisional or non-provisional) 
to not rely on IP addresses to identify a network. To the contrary, the skilled person would 
have created a profile of a network for identification in compliance with the principles of 
Freund. 
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KUMAR FAILS TO DISCLOSE, TEACH OR SUGGEST 
ALL FEATURES RECITED IN THE REJECTED CLAIMS 

Further, as admitted by the Office Action, Freund fails to teach or suggest verification 
of the current location determined based on the current IP address of the client computer by 
carrying out a location verification procedure with a predetermined network element. Rather, 
the Office Action asserted that Kumar remedies this deficiency. 

However, Kumar merely teaches use of a DCHP (Dynamic Host Configuration 
Protocol) for configuring a computer device within a LAN. The computer device requests 
configuration information from the LAN, the configuration information including an IP 
address of a gateway in the LAN, an IP address of a device which responses to the request, 
and a netmask. The computer device configures itself by generating IP address and by 
storing the new IP address and the gateway IP address. The computer device generates its IP 
address by combining the netmask with the IP address of the device that responded to the 
request, and with a random number. 

Thus, Kumar actually teaches use of DCHP for dynamic allocation of IP addresses 
within a LAN. A new IP address is randomly allocated to a device by the process so that 
identification of the LAN based on the IP address or verification of such network 
identification by a location verification procedure with a predetermined network element are 
not made. 

Therefore, any modification of Freund based on teachings of Kumar would not have 
resulted in the detection of location of a personal firewall in accordance with the present 
invention as claimed but in the use of DCHP for dynamic allocation of IP addresses within a 
LAN. 

CONCLUSION 

On the above grounds, we submit that claims 1-11 are not obvious from Freund in 
view of Kumar. 

Accordingly, Applicant requests the issuance of a notice of allowance indicating the 
allowability of the pending claims. However, if anything is necessary to place the application 
in condition for allowance, Applicant requests that the Examiner telephone the undersigned 
representative. 
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Please charge any fees associated with the submission of this paper to Deposit 
Account Number 033975. The Commissioner for Patents is also authorized to credit any 
over payments to the above-referenced Deposit Account. 
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